Risk
9/9/2010
00:02 AM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%

iPhone iOS Devices Jailbroken

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.

Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.Hacker Pod2g from the group Chronix Dev Team claims to have found a boot ROM vulnerability that can be used to create jailbreak exploits for most iPhones and iPod Touches. Such an exploit can't be fixed with a firmware update - rather they require a replacement of the hardware device. That's because once the boot ROM is programmed and set and the phone assembled in the factory, this segment of hardware can't be updated.

That means if you bought your device before today, or before Apple patches the hole in manufacturing, you may be able to jailbreak your device without Apple being able to do much - if anything - about it.

Any day now expect the iPhone Dev Team and others to publish software that will make it simple for anyone to jailbreak their iPhone or Touch.

It seems serendipitous that the jailbreakable vulnerability was announced on the same day Apple made its iOS 4.1 upgrade available. As Paul McDougall points out, the upgrade offers a number of enhancements including a social gaming platform, TV show rentals, iTunes Ping, advanced photographic capabilities, and fixes a number of bugs and other performance issues.

However, users may want to think twice before jailbreaking their devices. In February, Apple filed for a patent that covers the ability to spot and disable various unauthorized uses of an iPhone, Touch, or iPad - jailbreaking included.

So by jailbreaking the device, you may not only be voiding the warranty - but you may one day end up with a bricked phone or MP3 player.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.